Informed consent

Sofia is a software specialist, who likes to search for information and understand how things work. When she was ten, she made a transistor radio by demolishing some old radios and boxes and putting them back together in a different constellation. She also used to scan the dictionary for mistakes in the classification of animals.

Sofia is suspicious of ‘free’ software. Assuming that paid-for services will probably respect her privacy better, she has recently subscribed to an app called GreyWay (slogan: „Stay fit all the way, from birth until you’re grey“), which promises to use personal health and lifestyle data to provide both general and customized health advice (“Eat more avocado”, “Try taking cold showers before going to work in the morning”, “Do not increase your running distance by more than 10% every week”). There is also a ‘premium’ option, which offers personalized health advice on the basis of a genome sequencing.

For fun, Sofia has started to read the ‘consent’ form of GreyWay. She knows that health apps are infamous for providing long and illegible forms that almost nobody reads, so she wants to give it a try. Obviously, GreyWay needs a lot of personal information in order to give customised results, but she is curious to see what happens to the information after it is collected. Is it used for scientific research? If so, is it anonymised? Do they give it to Facebook? Browsing through the form, she notices that GreyWay claims not to pass the information on to third parties, which pleases her, but it also says that GreyWay may change these conditions at any time, which puzzles her.

Then the disclaimer, all the way at the bottom, catches her eye: “GreyWay is not a medical device and should be used for entertainment purposes only. If you have a medical condition, consult a doctor before using GreyWay.”

“Well, do I have a medical condition?” she wonders. She has had chronic wrist pain for half a year now, and she has a gluten intolerance. Should she now consult a doctor, before heeding the advice of GreyWay?

The more she thinks about the issue, the less sense it makes to Sofia. Doesn’t GreyWay give her medical advice as well? So it is not just for ‘entertainment’, is it? And who doesn’t have a ‘medical condition’? Is every user just supposed to know that they should consult a doctor before using GreyWay? Who reads these forms anyway?

Consent, data and the difference between medical and leisure applications

Sofia is a rare specimen: most people consent in online environments without ever bothering to check what they are consenting to (by way of illustration see this prank).

Very few people 1 actually bother to check what claims they waive by checking the consent box. But even if one does try to find out what the implications of using a particular app are in terms of privacy or possible dangers, digital informed consent forms tend to do very little in terms of actually informing. Sofia is smart, interested, and she takes the time to explore what policies the GreyWay app actually has with regard to privacy issues. Yet, she only half-succeeds in finding the answers to her questions. Now, GreyWay is – obviously – a fictitious example, but the described consent form is quite real. Many developers of health applications (and other digital companies)2 use elaborate and complex consent forms that do not make clear what the trade off is.

As long as no harm is done, this may not be so bad. But it is not always clear if no harm is done. GreyWay provides health advice, and from the case description it seems that the app walks a fine line between general health tips and medical diagnosis.

GreyWay obviously wants to stay in the ‘wellness’ section of health apps, presumably because different legal frameworks apply to those health apps that market themselves as medical tools. Yet, the personalized character of GreyWay health advice strongly suggests to users that the application is able to do more than just offer some generally applicable ‘good advice’. This applies especially when users opt for the genome sequencing services, but other personal medical information that is used to tailor health recommendations may be considered ‘medical’ as well.

These ‘grey’ areas raise questions on the proper domain of medical applications and the role of consent herein. In the medical sphere, consent is one of the pillars of good ethical practice. Many health apps take on roles that formerly were the domain of traditional healthcare, such as diagnostic services and medication regimes. In the case of Greyway, particularly privacy sensitive information may arise as the result of genetic testing, which raises questions familiar to the ethics of genetic testing. For example, what if the sequencing returns ‘unwelcome’ information, for example on the genetic disposition for a serious, but untreatable disease? Is there a duty to disclose such information? Who should be held responsible? How should consent procedures deal with the possibility of such ‘unsought’ information? Such questions are difficult enough in the context of clinical genetics, but in the sphere of health apps, one may wonder all the more whether they are sufficiently being addressed.


O’Connor, Y., Rowan, W., Lynch, L., & Heavin, C. (2017). Privacy by design: informed consent and internet of things for smart health. Procedia computer science, 113, 653-658.

Custers, B., van der Hof, S., & Schermer, B. (2014). Privacy expectations of social media users: The role of informed consent in privacy policies. Policy & Internet, 6(3), 268-295.


Many companies offer different varieties of ‘personalized’ health accounts that seem to belong to the grey area between medical and wellness apps. The phrasing of the consent requirements echoes that of numerous apps that operate in this area. See this blogpost for examples. Numerous companies offer genome sequencing services or tests for specific alleles and some even offer integrated services, comparable to Greyway.


More Projects